Executive Summary
Summary | |
---|---|
Title | Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20180620-nxosrbac | First vendor Publication | 2018-06-20 |
Vendor | Cisco | Last vendor Modification | 2018-06-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device.

The vulnerability is due to incorrect RBAC privilege assignment for certain CLI commands. An attacker could exploit this vulnerability by authenticating to a device as a nonadministrative user and executing specific commands from the CLI. An exploit could allow the attacker to run commands that should be restricted to administrative users. These commands could modify the configuration or boot image on the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosrbac

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection (https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770).
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Alert History
Date | Information |
---|---|
2018-08-21 17:21:45 | |
2018-06-21 00:21:09 | |
2018-06-20 21:19:14 | |